package com.my.blog.website.interceptor; import com.my.blog.website.modal.Vo.UserVo; import com.my.blog.website.service.IUserService; import com.my.blog.website.utils.*; import com.my.blog.website.constant.WebConst; import com.my.blog.website.dto.Types; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Component; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; import javax.annotation.Resource; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; /** * 自定义拦截器 * Created by BlueT on 2017/3/9. */ @Component public class BaseInterceptor implements HandlerInterceptor { private static final Logger LOGGE = LoggerFactory.getLogger(BaseInterceptor.class); private static final String USER_AGENT = "user-agent"; @Resource private IUserService userService; private MapCache cache = MapCache.single(); @Resource private Commons commons; @Resource private AdminCommons adminCommons; @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception { String uri = request.getRequestURI(); LOGGE.info("UserAgent: {}", request.getHeader(USER_AGENT)); LOGGE.info("用户访问地址: {}, 来路地址: {}", uri, IPKit.getIpAddrByRequest(request)); //请求拦截处理 UserVo user = TaleUtils.getLoginUser(request); if (null == user) { Integer uid = TaleUtils.getCookieUid(request); if (null != uid) { //这里还是有安全隐患,cookie是可以伪造的 user = userService.queryUserById(uid); request.getSession().setAttribute(WebConst.LOGIN_SESSION_KEY, user); } } if (uri.startsWith("/admin") && !uri.startsWith("/admin/login") && null == user) { response.sendRedirect(request.getContextPath() + "/admin/login"); return false; } //设置get请求的token if (request.getMethod().equals("GET")) { String csrf_token = UUID.UU64(); // 默认存储30分钟 cache.hset(Types.CSRF_TOKEN.getType(), csrf_token, uri, 30 * 60); request.setAttribute("_csrf_token", csrf_token); } return true; } @Override public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception { httpServletRequest.setAttribute("commons", commons);//一些工具类和公共方法 httpServletRequest.setAttribute("adminCommons", adminCommons); } @Override public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception { } }